write-context-rules
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within its stated purpose of building documentation and context for the agent. No malicious patterns, obfuscation, or unauthorized access attempts were detected.
- [EXTERNAL_DOWNLOADS]: The skill performs web searches to gather business information based on domains found in local configuration files. This data is used solely to assist in documentation generation and is subject to user validation.
- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface: 1. Ingestion points: nao_config.yaml, databases/ metadata, and external web search results; 2. Boundary markers: Present via mandatory step-by-step user confirmation and diff review before saving; 3. Capability inventory: Modifies the RULES.md file which is part of the agent's system context; 4. Sanitization: Absent, relying on user-mediated verification for all external content. The risk is mitigated by the user validation process.
Audit Metadata